Skip to content

HTTPS clone URL

Subversion checkout URL

You can clone with HTTPS or Subversion.

Download ZIP
Commits on Jul 24, 2012
  1. added ChangeLog.git file

    authored
  2. bumped version to 2.0.1

    authored
  3. bumped version to fwknop-2.0.1

    authored
  4. PCAP_LOOP_SLEEP bug fix to 1/10th of a second

    authored
    [server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
    microseconds).  This was supposed to be the default anyway, but C
    Anthony Risinger reported a bug where fwknopd was consuming more
    resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
    default to 1/100th of a second - this has been fixed.
Commits on Jul 23, 2012
  1. [client] Fixed several minor memory leaks caught by valgrind

    authored
    This commit fixes memory leaks like the following in the fwknop client:
    
    HEAP SUMMARY:
        in use at exit: 300 bytes in 11 blocks
      total heap usage: 100 allocs, 89 frees, 16,583 bytes allocated
    
    16 bytes in 1 blocks are indirectly lost in loss record 1 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D63E: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 2 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D658: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 3 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D672: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 4 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D68C: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
Commits on Jul 21, 2012
  1. Better SPA message validation upon SPA decrypt/decode.

    authored
    Added SPA message validation calls to fko decoding routines to help
    ensure that SPA messages conform to expected values.
Commits on Jul 20, 2012
  1. Implemented server-side bounds checking on inccoming SPA data.

    authored
    Enhanced the libfko decoding routine to include bounds checking on decrypted
    SPA data.  This includes verifying the number of fields within incoming SPA
    data (colon separated) along with verifying string lengths of each field.
Commits on Jul 19, 2012
  1. minor pcap_capture update to not call atoi() against PCAP_LOOP_SLEEP …

    authored
    …for every sleep interval
Commits on Jul 18, 2012
  1. [test suite] file_find_regex() postive vs. negative match styles

    authored
    Positive match style requires all regex's to be found, whereas negative match
    style only requires seeing one regex.
  2. Ensure that INPUT rules are added in --nat-local mode

    authored
    This change ensures that INPUT rules are added when the fwknop client is used to
    request access to a local service with --nat-local mode.
Commits on Jul 17, 2012
Commits on Jul 16, 2012
  1. Add INPUT ACCEPT rule for --nat-local connections

    authored
    When using the --nat-local argument on the fwknop client command line, the
    fwknopd server needs to add an INPUT ACCEPT rule for the requested access
    since the incoming connection is destined for a local socket.  Added test
    suite support to test --nat-local access.
    
    [test suite] Minor bug fix to ensure that all file_find_regex() calls return
    true if all regex's are matched and false if any regex does not match data in
    the specified file.
Commits on Jul 15, 2012
  1. @damienstuart
  2. @damienstuart
Commits on Jul 14, 2012
  1. @damienstuart
  2. @damienstuart
  3. @damienstuart
Commits on Jul 13, 2012
  1. [test suite] Bug fix to account for libfko.dylib extension

    authored
    Richard Haas reported the test suite failing on Mac OS X systems with the
    existence check for the libfko library.  Damien Stuart advised that the library
    has a different extention '.dylib' on Mac OS X, so this change accounts for the
    difference.
Something went wrong with that request. Please try again.